> They are 4 digits but iproute2 reserves the "upper half" (those values where > value LAND 0X8000 is non-zero). Shorewall currently does not enforce that > restriction. > I am not sure I understand this - what range of values for the hex are accepted then?
Also, I've asked about the event-triggers in shorewall as I intend to run a script which creates my tcfilters file to be compiled by shorewall - I intended to use "init", but you mentioned in one of your previous posts that a "compile" script/file may be what is needed. In that script I have to load all my ipsets (which is what I am currently doing in "init") and then substitute the values in my tcfilters template with the actual ipset values and then pass the resulting file to shorewall for compilation. I know this is quite ugly, but I cannot see a better solution at present. Finally, one more query before I delve into this - is it possible to enforce "traffic shaping" on a lo (loopback) device? I know it may sound/look a bit idiotic, but I am using this device to run quite a lot of "services" (mainly as a tunnel via the ssh server) and would like to prioritise these. Is there actually a limit on the lo device? If so, how much is it? The lo device is already in use by shorewall (i.e. it is defined/used in zones as well as rules and secmarks files). ------------------------------------------------------------------------------ WhatsUp Gold - Download Free Network Management Software The most intuitive, comprehensive, and cost-effective network management toolset available today. Delivers lowest initial acquisition cost and overall TCO of any competing solution. http://p.sf.net/sfu/whatsupgold-sd _______________________________________________ Shorewall-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/shorewall-users
